05 June, 2013

Recently I was asked to compile a list of all CiviCRM releases since 3.1.0, identifying which were security releases so that we could make sure clients' sites were secure. The organization I work for (Freeform Solutions) is focused on doing sites for other non-profit organizations, many of whom are still running older versions of CiviCRM due to budgetary or other constraints, so we wanted to be sure that no one was running a version known to contain security vulnerabilities. Since this seemed like the sort of resource that might be useful to other CiviCRM users, I'm sharing it here.

Of course, the simplest approach is probably just making sure any given client is running the latest release of their particular CiviCRM version (4.3.x, 4.2.x, etc.). But this isn't always reliable (as pointed out by Herb in a comment below), because security fixes are not always applied to older versions (currently, versions prior to 4.2 are not being...

Read more
17 April, 2013
By totten

IMPORTANT: You do NOT need to upgrade CiviCRM to remove this vulnerability. See "Prevent Attacks: Delete the Vulnerable File" below.

In recent days, multiple site admininistrators have reported evidence that their sites were attacked using vulnerabilities in the OpenFlashChart library included with prior versions of CiviCRM.  This vulnerability was eliminated in the CiviCRM v4.2.6 release (Dec 2012), and site administrators were strongly advised to apply the upgrade. However, as older versions of CiviCRM are still vulnerable, site administrators running outdated versions of CiviCRM should take steps immediately to prevent new attacks and identify past attacks. This blog post provides some background and suggestions.

You can check what version of CiviCRM you are using by looking on any CiviCRM page.  The version is displayed at the bottom of the screen (see screenshot...

Read more
18 November, 2010
By shot
Filed under v3.2, CiviCRM

CiviCRM 3.2.5 is a security release, fixing security vulnerabilities in CiviCRM Ajax and REST interfaces and export code. We strongly recommend that you upgrade your CiviCRM installation to 3.2.5.

We just released CiviCRM 3.2.5 – it is now available for download. You can also try it out on our demo site. This release introduces quite a few bug fixes; for full list of things that has been fixed/improved in 3.2.5, please take a look at our issue tracker.

For more details on major new features/highlights, please refer to...

Read more
28 October, 2010
By shot
Filed under v3.2, CiviCRM

We just released CiviCRM 3.2.4 – it is now available for download. You can also try it out on our demo site. This release introduces quite a few bug fixes; for full list of things that has been fixed/improved in 3.2.4, please take a look at our issue tracker.

For more details on major new features/highlights, please refer to 3.2 release blog post, here's the short list:

  • Usability improvements
  • Support for PHP 5.3
  • CiviCase Phase 3
  • CiviEvent...
Read more
08 September, 2010
Filed under v3.2, CiviCRM, Drupal

Over the last year rayogram has worked with the New York State Senate to deploy a customized version of CiviCRM 3.2 for each Senate office. In the course of this work, we developed a custom theme for NYSS that leverages much of the template work that we did for the CiviCRM 3.2.

 

When we presented the work we had done for CiviCRM 3.2 and this theme to the CiviCRM community at CiviCon we got a number of requests for some of the bits of customization we did. Two specific features were requested:

  • Sidebar tabs on contact page
  • Recent items in footer, with profile "overlay"

This got us thinking: everybody needs a good CiviCRM admin theme, and we were already 80% of the way there. All we needed to do was add some extra customization and abstraction to...

Read more
07 September, 2010
By shot
Filed under CiviPledge, v3.2, CiviCRM

We just released CiviCRM 3.2.3 – it is now available for download. You can also try it out on our demo site. This release introduces changes to pledge recording and quite a few bug fixes; for full list of things that has been fixed/improved in 3.2.3, please take a look at our issue tracker. Unfortunately a bug related to wrong case types being displayed was introduced into 3.2.3 release. The patch will be available in the next 3.2.4 release and could be downloaded here...

Read more
23 August, 2010
By shot
Filed under v3.2

Update: Due to an unfortunate error multilingual sites cannot be upgraded to CiviCRM 3.2.2; if you’re running such site please wait for CiviCRM 3.2.3. Single-language sites (regardless of the language they use) should upgrade to CiviCRM 3.2.2 cleanly, and new CiviCRM 3.2.2 installations (both single- and multilingual) should work without a problem.

We just released CiviCRM 3.2.2 – it is now available for download. You can also try it out on our demo site. It is mainly a bug fix release – for full list of things that has been fixed/improved in 3.2.2, please take a look at our...

Read more
18 August, 2010
By kurund
Filed under v3.2

I have developed very basic iphone app for CiviCRM using Titanium framework.

Features
  • Allows users to "Search Contacts" from their remote CiviCRM database.
  • Add Individuals.
  • App uses CiviCRM REST interface so you can scale it according to your needs.
You can get the code from our public svn repository: http://svn.civicrm.org/tools/branches/v3.2/other/iphone_1.0/ Few screenshots:
...
Read more
14 August, 2010
By xavier
Filed under v3.2, CiviCRM
Hi all, We probably all have the same problem: the same contact is present several times in our CRM. This isn't a trivial problem to solve, as the same name can be spelt differently, eg. "José Manuel Durão Barroso", president of the "European Commission" is the same as "Jose Manuel Barrosso", employed by the "EC", and very likely to be found misspelt as well as "Barroso", or "Durao Barosso". For a computer, "José", "Jose" and "José Manuel" aren't the same first name and you will always need human beings to decide if they are duplicates, but CiviCRM tries to spot the really obvious matches. CiviCRM has several dedupe rules that help avoiding creating these duplicates. In a nutshell, a dedupe rule is a list of fields that need to be different to be considered different contacts. By default, if two individuals have the same email address, they are considered duplicates, but you can change it to say they... Read more
11 August, 2010
By michal
Filed under v3.2

We just released CiviCRM 3.2.1 - it is now available for download. You can also try it out on our demo site. It is mainly a bug fix release - for full list of things that has been fixed/improved in 3.2.1, please take a look at our

Read more